Archive for August 31, 2017

WikiLeaks website hacked by ‘OurMine’ hacking group



The non-profit whistleblowing website WikiLeaks suffered a cyber-attack by the Saudi Arabia-based hacking group OurMine.



Visitors to WikiLeaks.org were redirected to a page created by OurMine, in which the group claimed responsibility for defacing the website and displayed a statement: “Hi, it’s OurMine ( Security Group ), don’t worry we are just testing your…. blablablab, Oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?”


Besides posting a message on the website, the group posted a string of tweets on Twitter detailing the reason behind the hack: “first of all, the people who are wondering why we hacked it, we did that because they challenged us to hack them about a few months ago. We have been working on this for a very long time, Finally, we did this! and it's hacked!”

There is no official confirmation of how the website was hacked, but it appears that the group carried out a “DNS poisoning” attack rather than attacking WikiLeaks’ servers directly.


This is not the first time OurMine has hacked the website; in fact, the group has a reputation for hacking high-profile social media accounts, including those of Netflix, HBO, Sony, Marvel, Google, Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, and former Twitter CEOs Dick Costolo and Ev Williams.

Pacemakers under hacking threat, FDA asks for firmware update to devices

Heart patients using pacemakers, particularly those of the Abbott brand, will have to visit their doctors for a software update to keep their pacemakers safe from vulnerabilities and tampering through the internet.

Smart pacemakers that are accessible to mobile devices and other online systems are potentially vulnerable to online tampering. An attacker could possibly change a pacemaker's programmed settings, change the beats and rhythm of the device, or drain its battery life.


The Food and Drug Administration (FDA) has asked Abbott to release a patch for the vulnerabilities.

An FDA official said, “The FDA has reviewed information concerning potential cyber security vulnerabilities associated with St. Jude Medical’s RF-enabled implantable cardiac pacemakers and has confirmed that these vulnerabilities, if exploited, could allow an unauthorized user (i.e. someone other than the patient’s physician) to access a patient’s device using commercially available equipment.” He further added, “This access could be used to modify programming commands to the implanted pacemaker, which could result in patient harm from rapid battery depletion or administration of inappropriate pacing.”

According to the FDA, a total of 465,000 pacemakers in the US are affected, although the impact outside the United States is unknown.

There have been no reports of compromised pacemakers, but the threat is huge and has to be taken very seriously, as it can be life-threatening.

Abbott recently sent a letter to doctors about the new update: separate software needs to be installed on the device, which works over radio frequency, and any device that tries to connect to the Merlin website has to be authenticated via the Merlin@home transmitter, making the device safer than before.



Yekaterinburg police arrested a cybercrime ring for stealing money from bank cards


In Yekaterinburg, police caught a group of cyber criminals for stealing money from bank cards, according to a local news report.

The accused sent victims fake messages saying that money had been withdrawn from their account. It appears they also gave a fake helpline number. If a victim called that number, the criminals, pretending to be from the bank, would convince the victim to give all information about the card and other bank-related information.

The gathered information was later used by the criminals to steal money from the victims' accounts. The criminals spent the stolen money on expensive cars and houses.

The cyber criminals scammed not only ordinary citizens from different regions of Russia, but also members of the older generation living on small pensions. The direct value of the losses exceeded 600 thousand rubles.

During a search at the location of the accused, the police seized computer equipment, mobile phones, more than 50 SIM cards, bank cards, money and a gun.

Sberbank, the largest bank in Central and Eastern Europe, commented on the situation: "Bank personnel are prohibited from disclosing personal details of clients and sending them to third parties. If you have been contacted by strangers who are trying to find out information about your bank card, be careful: these are clear signs of fraud. We recommend that you call the bank or contact the personnel at the bank."

Voices and handwriting were examined to identify the criminals in this case. Law enforcement officers also used modern computer technology to track down the criminals' place of work. The accused may receive about 5 years' imprisonment.

- Christina
 

WikiLeaks reports CIA may access Aadhaar card details



WikiLeaks has recently published a report saying that India’s Aadhaar card details might have been compromised by the United States' top intelligence agency, the CIA (Central Intelligence Agency), through a technology developed for cyber spying by Cross Match, a US-based technology provider, to access biometric data through covert operations conducted across the world.


WikiLeaks called this the 'ExpressLane project of the CIA'.


On August 25, WikiLeaks tweeted: "Have CIA spies already stolen #India's national ID card database?"


According to the reports, "Cross Match was one of the first suppliers of biometric devices certified by UIDAI for Aadhaar program. The company received the Certificate of Approval from the Indian Government in 2011. Cross Match received the Certificate of Approval for its Guardian fingerprint capture device and the I SCAN dual iris capture device on October 7, 2011. Both systems utilize Cross Match's patented Auto Capture feature, which quickly captures high-quality images with minimal operator involvement."


However, UIDAI has denied any kind of data theft. It has released a statement saying: “Some vested interests are spreading misinformation. As ‘cross match’ is one of the devices used in biometric devices used in the Aadhaar ecosystem, the biometrics captured by Aadhaar is allegedly unauthorisedly accessed by others”.


“In addition, there are many other rigorous security features and processes within UIDAI ensuring that no biometric data of any individual is unauthorized accessed by anyone in any manner whatsoever,” the UIDAI said.



Game of Thrones Season 7 climax leaked by HBO Hackers

The seventh season of Game of Thrones, 'The Dragon and the Wolf', has not been easy for HBO. There has been a series of Game of Thrones leaks, everything from scripts to complete episodes. Now the hackers have leaked the plot of the final episode.

The hacking group Mr. Smith, which was responsible for stealing 1.5 terabytes of data from HBO, has now released the "sixth wave" of data dumps, and the dumps reveal how the show will end.

According to a report in The Independent, “a detailed outline of every episode in season 7 including the finale, intended for internal use and dated April 2016 was posted on Reddit’s Game of Thrones spoilers-dedicated subreddit, Freefolk, apparently originating from the HBO hack”.

The leak is a result of HBO's refusal to pay approximately $6.5 million worth of Bitcoin as a bribe to stop any further hacks.

HBO has issued statements several times denying any talks with the hacker.

"We are not in communication with the hacker and we're not going to comment every time a new piece of information is released. It has been widely reported that there was a cyber incident at HBO. The hacker may continue to drop bits and pieces of stolen information in an attempt to generate media attention. That’s a game we're not going to participate in."

However, the Mr. Smith group said:

"By the way, we officially inform you and other hundred of reporters whom emailing us that we sold 'HBO IS FALLING's entire collection (5 TB!!!) to 3 customers in deep web and we earned half of requested ransom. We put a condition for our respected customers and they approved. We will leak many many waves of HBO's internal stuff to punish them for playing us and set an example of a greedy corporation.
Game of throne is over. Wait for major waves!!! RIP HB-Old"